Owner: okdan (created 24/09/2013 15:26), revision of 25/09/2013 09:45 (author: SATtva)
Categories: software, anonymity, politics, tor, vulnerabilities, intelligence agencies, firefox
http://www.pgpru.com/Новости/2013/ФБРОфициальноПризналасьВКонтролеНадАнонимнойСетьюTor

24.09 // FBI officially admits hacking the Tor hidden services hosting provider


The Federal Bureau of Investigation (FBI) has confirmed its involvement in compromising and running servers that served the anonymous Tor network. FBI Special Agent Brooke Donahue made the statement in court, Wired reports.


Eric Eoin Marques, 28, a Dublin resident and the alleged founder of the hosting company Freedom Hosting, is accused of distributing child pornography over the Tor network.


According to Marques's defense lawyers, FBI agents entered the data center that housed the Freedom Hosting servers before his arrest and without court authorization, and installed software to intercept data.


The Irish Independent newspaper claims that several months ago Marques tried to change the settings of the Freedom Hosting servers but was unable to do so because the FBI had changed their passwords.


The Tor network makes it possible to host websites anonymously and to give users anonymous access to them. Among other things, it is used to distribute prohibited content such as child pornography.


It is worth noting that Freedom Hosting, which came under FBI control, is a significant Tor hosting provider. Three days after Marques's latest arrest, on 4 August 2013, a post appeared on the Tor Project's blog about numerous user reports that a large number of hidden service addresses had disappeared from the network. In total, about half of the sites operating in the .onion pseudo-domain (that is, Tor hidden services) disappeared from the directory, including ones unrelated to illegal content.


Experts analyzed the code of the software installed on the servers and concluded that it exploits a vulnerability in Firefox 17 ESR, the browser on which the Tor Browser Bundle is built. This bundle, freely available on the project's official site, is intended for users who want to use the anonymity network.


Reverse engineering showed that the purpose of the hidden code is to unmask anonymous users by transmitting the unique MAC address of the device used to access the internet and the victim's computer name in the Windows operating system.


This data was sent to an unknown server in Northern Virginia, USA, to determine the user's IP address. Two addresses to which the hidden code sent data were found, but it could not be established who they were associated with: the trace broke off at one of the servers of the US telecommunications company Verizon.


This is the first time an official representative has confirmed the FBI's involvement in creating this code. Until now, observers could only guess who its author was. The most obvious conclusion was that government structures were involved, since the purpose of the code was to unmask users rather than to install any kind of backdoor.


Speaking in court, Special Agent Donahue explained that the code was deployed to find Marques's accomplices.


Tor recently attracted attention because, as it turned out, 60% of its funding comes from the US government. It is worth noting that Tor was originally created as a military development and only later became an open project.


Source: http://www.cnews.ru/top/2013/0.....noy_setyu_tor_543194


 
Comments
— cypherpunks (19/02/2016 21:07)

Judge orders FBI to disclose the code
— Гость_ (29/02/2016 09:49)
Now on the Tor blog too.
— cypherpunks (17/03/2016 05:18)
Ghappour suggests possible ramifications from overseas hacking could include the prosecution of investigators for violating domestic laws of affected countries; he points to a 2002 case where Russia's Federal Security Service (FSB) filed charges against the FBI for remotely siphoning data from servers in Chelyabinsk. Ghappour writes that affected countries may also take counter-measures against the US, and that operations may result in diplomatic fallout. “I think there's a significant risk,” he said. “Some of these cyber operations might be landing in countries that we're in conflict with; that introduces a whole new set of problems.”

motherboard.vice.com

IGOR TKACH, an investigator with Russia’s Federal Security Service, or FSB, started criminal proceedings against FBI Agent Michael Schuler for unauthorized access to computer information, according to the Interfax news agency.

Finally, Coughenour rejected defense arguments that the FBI’s actions “were unreasonable and illegal because they failed to comply with Russian law,” saying that Russian law does not apply to the agents’ actions.

nbcnews.com
— cypherpunks (26/03/2016 08:22)
Yes, we were careful. The statement says what it says for exactly the reasons you suspect.

On rare occasion, however, members of our community and even some employees have been threatened with force or physical violence for not fulfilling an extra-legal demand. Hence the reason that it is even more important that we have enough redundancy and protection against single points of failure so that we cannot honor such extra-legal demands.

blog.torproject.org
— cypherpunks (06/04/2016 10:44)
In classic form, the local FBI wanted to mount a dramatic raid on Ross’ house. Tarbell didn’t like this idea. He was worried about repeating the mistake made during his first big cybercrime case, when they arrested a hacktivist named Jeremy Hammond in Chicago. There, a SWAT team charged into Hammond’s apartment throwing flash grenades, immediately alerting Hammond in the back room, who shut the lid of his laptop, encrypting it forever.

This kind of operation didn’t need SWAT, Tarbell thought. It required finesse. To prosecute a cybercrime you needed direct evidence, which centered around Ross’ machine. Tarbell wanted to get Ross in medias res, with “fingers on the keys,” as they say in the trade. Tarbell had read in DPR’s chats about how secure his system was, how one keystroke would erase it all. There was no margin for error. They needed complete surprise.

Still, the assault strategy remained in place. “Thank you for your input,” the local FBI supervisor had told Tarbell. “Now here is the plan.” There would be three SWAT teams, one for each floor of the house. They would hit at dawn, gaining “fluid entry.” They couldn’t promise, but they would try to catch Ross while he was online.

“These are the fastest SWAT teams,” the supervisor said.

“But it doesn’t matter,” Tarbell said. “No one is fast enough.”

Kiernan and another agent had been in the library when Ross walked in. He went right by them and continued unaware past the periodicals and reference desk, beyond the romance novels, and settled in at a circular table near science fiction, on the second floor. The other agent assessed the tactical landscape up there, which was tough: Ross was sitting in a corner, with a view out the window and his back toward the wall. There was no obvious approach. It was Kiernan’s job to get Ross’ laptop, and it looked tricky. “Your sole job is to get the laptop,” Tarbell had drilled Kiernan. “Get the laptop. That’s why you’re here. Get the laptop. And keep it alive.”

He took a deep breath and sent a message: “Let the guy run if you have to, but don’t let that computer close.” This was the moment. Tarbell didn’t know it, but the surveillance agents had designed a new arrest on the spot. He had no idea what would happen when he took a deep breath and told everyone: Go.

What unfolded next was a piece of improvisational theater. At 3:14 pm, DPR was typing away, writing to Cirrus. Just then, a middle-aged woman and man came toward Ross, ambling along in the kind of semihomeless shuffle you might often see in a San Francisco library. “Fuck you!” the woman yelled when they were directly behind Ross’ chair. As if they were a deranged couple about to fight, the man grabbed the woman by the collar and raised his fist.

Ross turned around for just a second, during which a hand reached across the table and grasped Ross’ Samsung. The petite, unassuming young Asian woman sitting across from Ross this whole time was, to everyone’s surprise, also an FBI agent. Ross lunged for his machine, a hair too late, as she turned like a quarterback for a quick handoff to Kiernan, who appeared out of nowhere—as instructed—to get the laptop. It took less than 10 seconds. From afar, Tarbell was astonished by the elegant choreography of the whole thing. It looked like the police procedural version of a tight jazz quartet.

While Ross was cuffed, Kiernan immediately sat down with Ross’ PC. It was open. He could see everything. The machine ID was Frosty. Ross was logged in to Silk Road as an administrator under an account called /Mastermind.

Tarbell called Yum in Iceland to set that phase in motion. Yum shut down communication between the machine in the Thor Data Center and all the others around the world and then simply “changed possession” of the bitcoins by redirecting the digital pointers—this is how ownership of the currency works—from Silk Road to an FBI account. And voilà: All your coins are belong to us.

In France they discovered a digital booby trap: To redirect the Silk Road site itself required a delicate data process that could shut the box down; if restarted, the server was programmed to delete its key, basically self-destructing. But the trap was discovered, and gingerly evaded, and the machine succumbed.

In a van that doubled as a mobile lab, Kiernan worked forensics on Ross’ computer. He quickly found a mountain of evidence: a list of all the Silk Road servers and the names Ross had purchased them under, 144,000 bitcoins (more than enough to cover that $20 million bribe), a spreadsheet showing Silk Road accounting (including a capital-equipment entry for the purchase of that very laptop), and those diaries Ross kept, which detailed his hopes, fears, and foibles in operating a vast criminal conspiracy.

Kiernan also found a file called emergency.txt, with an unrealized escape procedure:
Destroy laptop hard drive and hide/dispose
Hide memory stick
Go to end of train
Find place to live on craigslist for cash
Create new identity (name, backstory)

wired.com
— cypherpunks (25/04/2016 10:38)
“Based on the foregoing analysis, the Court concludes that the NIT warrant was issued without jurisdiction and thus was void ab initio,” Judge William G. Young of the District of Massachusetts writes in an order. “It follows that the resulting search was conducted as though there were no warrant at all.”

“Since warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable, the evidence must be excluded,” it continues.

Young's order came in response to a motion to suppress from the lawyers of Alex Levin, who was arrested as part of the investigation into the site Playpen. After seizing the site, the FBI ran Playpen from a government facility from February 20 to March 4, 2015, and used a NIT to obtain over a thousand IP addresses for US-based users of the site, and at least 3000 for users abroad, according to Motherboard's investigations.

Young's move hinges around the one warrant used to authorise all of these computer intrusions. Lawyers have raised issues with it before—Colin Fieman, a defender in a related case, previously told Motherboard that it “effectively authorizes an unlimited number of searches, against unidentified targets, anywhere in the world.” The Electronic Frontier Foundation filed a strongly-worded amicus brief in another affected case, and called the warrant “unconstitutional.”

“This is the first time a court has ever suppressed anything from a government hacking operation,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an encrypted phone call. (Soghoian has been called as an expert by the defense in another affected case.)

Other judges have blocked parts of hacking operations before. In 2013, a judge denied the FBI a hacking warrant that would have authorised the agency to collect chat logs, web history and other data from the target laptop, as well as turn on the suspect's web camera.

Lawyers from other affected cases around the country are sure to be following this latest order closely.

motherboard.vice.com

According to Judge Young, the problem with the warrant was that it was signed by a US magistrate judge, who only had the jurisdiction to authorize warrants in his local area. Collecting evidence outside of that area, which the FBI surely did with the NIT, can only be done with the authorization of a district judge.

This is where things will be particularly frustrating for the Feds, as it turns out the federal judges who could have properly authorized the search were likely just yards away when the NIT warrant was signed.

theregister.co.uk
— cypherpunks (02/12/2016 13:16)
“This is an Javascript exploit actively used against TorBrowser NOW,” they wrote. Roger Dingledine, co-founder of the Tor Project, replied shortly after, saying that someone had sent the code to Mozilla earlier that day, and that the non-profit was working on a patch.

According to independent security researcher slipstream/RoL, some of the code is “almost exactly” the same as that used in a 2013 FBI operation to unmask users of dark web sites.

the code is “100 percent effective for remote code execution on Windows systems.” The payload of this latest malware points to an IP address of 5.39.27.226, a server in France belonging to hosting provider OVH.

motherboard.vice.com
6.0.7 has been released with a fix.